Office 365 doesn’t need additional security

It’s in the cloud, right? It’s already secure… the experts are looking after it! Right?

Well, that’s partially true. The experts are looking after it. But there’s still a few things that you can do to bolster security for you and your other Office 365 users.

Give the gift of ATP

Advanced Threat Protection (ATP) is a set of tools which add a whole raft of extra protection to user’s mailboxes and OneDrive files.

  • Protect against unsafe attachments
    With Safe Attachments, you can prevent malicious attachments from impacting your messaging environment, even if their signatures are not known. All suspicious content goes through a real-time behavioral malware analysis that uses machine learning techniques to evaluate the content for suspicious activity. Unsafe attachments are sandboxed in a detonation chamber before being sent to recipients. The advantage is a malware free and cleaner inbox with better zero-day attack protection.
  • Extra mailbox security
    New malware campaigns are being launched every day, and Office 365 has a solution to help protect your email, files, and online storage against them. Office 365 Advanced Threat Protection can help protect your mailboxes, files, online storage, and applications against new, sophisticated attacks in real time. It offers holistic protection in Microsoft Teams, Word, Excel, PowerPoint, Visio, SharePoint Online, and OneDrive for Business. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.
  • Protect against accidental clicks
    As most threats come in via emails or web links, ATP also provides protection against malicious links by scanning content. While the content is being scanned, the URLs are rewritten to go through Office 365. The URLs are examined in real time, at the time a user clicks them. If a link is unsafe, the user is warned not to visit the site or informed that the site has been blocked. Reporting is available, so administrators can track which users clicked a link and when they clicked it.

Adding ATP to your Office 365 costs a fraction of the cost of your Office 365 user license cost. Stratum Now can add this to any existing mailbox, whether we provide the licenses for you or not! Plus, ATP allows you to gain critical insights into who is being targeted in your organisation and the category of attacks you are facing. Reporting and message trace allow you to investigate messages that have been blocked due to unknown viruses or malware, while URL trace capability allows you to track individual malicious links in the messages that have been clicked.

Q: Should I enable it?

The small extra cost can massively outweigh the risk of ransomware and malware infections on your corporate network. Ask Stratum Now today to add Advanced Threat Protection to your Office 365 users today. Protect against the additional treats that are out there.

Use an additional device (2FA)

If you’ve not heard of 2FA, it’s a fairly old way of adding a very good layer of additional security to your systems.

The way it works is this:

  1. You enter your username and password to log on, as normal.
  2. You are then prompted for an additional form of proof that it is you. This can be one of the following:
    1. A text message to your nominated mobile phone.
    2. A voice call to your nominated phone number.
    3. A prompt for a code from a 2FA application, such as Authy.

Q: Why is 2FA so good?

It virtually eliminates password re-use overnight. With this method there’s very little chance that someone can use your password; because if they try to, they’ll also need access to your mobile phone, or another of the above methods. As far as corporate policies go, it is almost a solid guarantee that the person that is signed in is the same as the person that’s pressing the buttons. No more borrowing of someone else’s account because they’re on holiday, or they have better access levels than someone else.

Q: But is it a magic bullet?

It’s good, but it’s not perfect. If you lose your device, you’ll struggle to get in to your accounts… it doesn’t get around the deliberate password re-use, because the codes can still be shared. And there are instances of where malware has bypassed 2FA, either due to sloppy coding, open authentication points where passwords can be used, and so on.

Q: Should I enable it?

Yes! But try it on a personal account first, to see how it feels (such as Gmail – a fantastic walk-through guide on how to do that is here). Then, once you’re comfortable reaching for your phone every time you need to sign in (it’s not as bad as it sounds), get your Office 365 administrator to enable it for you and for your whole team.

What happens after a problem?

Well, that’s tricky. If you’ve got adequate protection, the bad things won’t happen. But if they do, you’ll need a way to recover.

Just because something is in the cloud, doesn’t make it immune to corruption or deletion. There’s no such thing as “too safe” when it comes to protecting your business data; best practice is to have your data in more than one location, especially a location that you can control.

Solutions such as SaaS Backup from Datto provide the extra security of having control over your data, and give you the ability to restore your data. Office 365 keeps data for between 30 and 90 days, depending on the type of data. Other solutions, such as Datto’s SaaS Backup for Office 365, will keep data forever.

More resources

Office 365 has a great write-up on their additional security options on their Trust Centre page. But there’s more to do than what Microsoft suggest; contact Stratum One today and discuss your security concerns with us, and we’ll help you provide a cost-effective security strategy for Office 365.

Leave a comment